Ofcom investigation into cloud services needs to have more teeth: Barry Alston
Cloud computing – delivery of data storage, servers, databases, networking, and software via the internet – has become critical for many organisations and, since the pandemic, has transformed the way we work.
There are, of course, many benefits to using cloud services such as scalability, cost-efficiency and enhanced collaboration. However, all types of organisations from SMEs to public sector companies rely so heavily on it for their day-to-day functioning that some providers have taken advantage and effectively created a monopoly.
I work for Claritas Solutions, a Wetherby-based IT company which only has UK-based data centres and none of our data or traffic is routed overseas, and while I welcome the Ofcom investigation I think it falls short in several ways.
Firstly, the Information Commissioner’s Office (ICO) has the teeth to fine and penalise those who do not adhere to their policies but is choosing to look the other way.
In my role, I often see UK public sector organisations failing to carry out effective due diligence which then leads to data breaches.
Last November, the education department was ruled to have given improper access resulting in data being released which could identify millions of children.
The Information Commissioner said the serious breach law would have resulted in a £10m fine if it were not for the ICO’s reluctance to put pressure on the cash flow of public sector bodies.
This is a prime example of where the lack of action means there is no reason for the UK public sector to change its behaviours whatever the Ofcom investigation outcome.
Secondly, Ofcom needs to work out how to effectively penalise large companies that hold the data.
There is a line in the Ofcom response asking how to manage companies like AWS and Microsoft, and no one has an answer.
Currently, the big hyperscalers put money away ready to be spent on fines. Earlier this month, Facebook’s owner, Meta, simply paid a €1.2bn fine for mishandling data when they transferred it from Europe to the USA. They’re making so much money, they don’t care.
Thirdly, one glaring omission from the Ofcom probe is data sovereignty. Ofcom has identified that 80 per cent of the UK cloud market sits with three hyperscalers from the USA, which means it is subject to US law, not UK law.
No organisation, small or large, seems to ask themselves where they want their data to be stored.
I welcome the Ofcom probe into the UK cloud market but I want it to go further otherwise no one will ever learn and data will never be protected.
In an ideal world, individuals would accept their responsibilities and understand they have a part to play in keeping their data safe but at the moment, not many people understand what’s happening. You also need to ask the question of what the future looks like, in say 10 years’ time, when all the knowledge base, data, resources, and funding are in the hands of very few companies with more wealth than small nations.
So, the best way we can make improvements is by putting pressure on Ofcom to be more rigorous.
Barry Alston is Public Sector Development Director at Claritas Solutions